1// Copyright 2016 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5#include "textflag.h"
6
7// func cryptBlocks(c code, key, dst, src *byte, length int)
8TEXT ·cryptBlocks(SB),NOSPLIT,$0-40
9	MOVD	key+8(FP), R1
10	MOVD	dst+16(FP), R2
11	MOVD	src+24(FP), R4
12	MOVD	length+32(FP), R5
13	MOVD	c+0(FP), R0
14loop:
15	WORD	$0xB92E0024 // cipher message (KM)
16	BVS	loop        // branch back if interrupted
17	XOR	R0, R0
18	RET
19
20// func cryptBlocksChain(c code, iv, key, dst, src *byte, length int)
21TEXT ·cryptBlocksChain(SB),NOSPLIT,$48-48
22	LA	params-48(SP), R1
23	MOVD	iv+8(FP), R8
24	MOVD	key+16(FP), R9
25	MVC	$16, 0(R8), 0(R1)  // move iv into params
26	MVC	$32, 0(R9), 16(R1) // move key into params
27	MOVD	dst+24(FP), R2
28	MOVD	src+32(FP), R4
29	MOVD	length+40(FP), R5
30	MOVD	c+0(FP), R0
31loop:
32	WORD	$0xB92F0024       // cipher message with chaining (KMC)
33	BVS	loop              // branch back if interrupted
34	XOR	R0, R0
35	MVC	$16, 0(R1), 0(R8) // update iv
36	RET
37
38// func xorBytes(dst, a, b []byte) int
39TEXT ·xorBytes(SB),NOSPLIT,$0-80
40	MOVD	dst_base+0(FP), R1
41	MOVD	a_base+24(FP), R2
42	MOVD	b_base+48(FP), R3
43	MOVD	a_len+32(FP), R4
44	MOVD	b_len+56(FP), R5
45	CMPBLE	R4, R5, skip
46	MOVD	R5, R4
47skip:
48	MOVD	R4, ret+72(FP)
49	MOVD	$0, R5
50	CMPBLT	R4, $8, tail
51loop:
52	MOVD	0(R2)(R5*1), R7
53	MOVD	0(R3)(R5*1), R8
54	XOR	R7, R8
55	MOVD	R8, 0(R1)(R5*1)
56	LAY	8(R5), R5
57	SUB	$8, R4
58	CMPBGE	R4, $8, loop
59tail:
60	CMPBEQ	R4, $0, done
61	MOVB	0(R2)(R5*1), R7
62	MOVB	0(R3)(R5*1), R8
63	XOR	R7, R8
64	MOVB	R8, 0(R1)(R5*1)
65	LAY	1(R5), R5
66	SUB	$1, R4
67	BR	tail
68done:
69	RET
70
71// func cryptBlocksGCM(fn code, key, dst, src, buf []byte, cnt *[16]byte)
72TEXT ·cryptBlocksGCM(SB),NOSPLIT,$0-112
73	MOVD	src_len+64(FP), R0
74	MOVD	buf_base+80(FP), R1
75	MOVD	cnt+104(FP), R12
76	LMG	(R12), R2, R3
77
78	// Check that the src size is less than or equal to the buffer size.
79	MOVD	buf_len+88(FP), R4
80	CMP	R0, R4
81	BGT	crash
82
83	// Check that the src size is a multiple of 16-bytes.
84	MOVD	R0, R4
85	AND	$0xf, R4
86	BLT	crash // non-zero
87
88	// Check that the src size is less than or equal to the dst size.
89	MOVD	dst_len+40(FP), R4
90	CMP	R0, R4
91	BGT	crash
92
93	MOVD	R2, R4
94	MOVD	R2, R6
95	MOVD	R2, R8
96	MOVD	R3, R5
97	MOVD	R3, R7
98	MOVD	R3, R9
99	ADDW	$1, R5
100	ADDW	$2, R7
101	ADDW	$3, R9
102incr:
103	CMP	R0, $64
104	BLT	tail
105	STMG	R2, R9, (R1)
106	ADDW	$4, R3
107	ADDW	$4, R5
108	ADDW	$4, R7
109	ADDW	$4, R9
110	MOVD	$64(R1), R1
111	SUB	$64, R0
112	BR	incr
113tail:
114	CMP	R0, $0
115	BEQ	crypt
116	STMG	R2, R3, (R1)
117	ADDW	$1, R3
118	MOVD	$16(R1), R1
119	SUB	$16, R0
120	BR	tail
121crypt:
122	STMG	R2, R3, (R12)       // update next counter value
123	MOVD	fn+0(FP), R0        // function code (encryption)
124	MOVD	key_base+8(FP), R1  // key
125	MOVD	buf_base+80(FP), R2 // counter values
126	MOVD	dst_base+32(FP), R4 // dst
127	MOVD	src_base+56(FP), R6 // src
128	MOVD	src_len+64(FP), R7  // len
129loop:
130	WORD	$0xB92D2046         // cipher message with counter (KMCTR)
131	BVS	loop                // branch back if interrupted
132	RET
133crash:
134	MOVD	$0, (R0)
135	RET
136
137// func ghash(key *gcmHashKey, hash *[16]byte, data []byte)
138TEXT ·ghash(SB),NOSPLIT,$32-40
139	MOVD    $65, R0 // GHASH function code
140	MOVD	key+0(FP), R2
141	LMG	(R2), R6, R7
142	MOVD	hash+8(FP), R8
143	LMG	(R8), R4, R5
144	MOVD	$params-32(SP), R1
145	STMG	R4, R7, (R1)
146	LMG	data+16(FP), R2, R3 // R2=base, R3=len
147loop:
148	WORD    $0xB93E0002 // compute intermediate message digest (KIMD)
149	BVS     loop        // branch back if interrupted
150	MVC     $16, (R1), (R8)
151	MOVD	$0, R0
152	RET
153
154// func kmaGCM(fn code, key, dst, src, aad []byte, tag *[16]byte, cnt *gcmCount)
155TEXT ·kmaGCM(SB),NOSPLIT,$112-120
156	MOVD	fn+0(FP), R0
157	MOVD	$params-112(SP), R1
158
159	// load ptr/len pairs
160	LMG	dst+32(FP), R2, R3 // R2=base R3=len
161	LMG	src+56(FP), R4, R5 // R4=base R5=len
162	LMG	aad+80(FP), R6, R7 // R6=base R7=len
163
164	// setup parameters
165	MOVD	cnt+112(FP), R8
166	XC	$12, (R1), (R1)     // reserved
167	MVC	$4, 12(R8), 12(R1)  // set chain value
168	MVC	$16, (R8), 64(R1)   // set initial counter value
169	XC	$32, 16(R1), 16(R1) // set hash subkey and tag
170	SLD	$3, R7, R12
171	MOVD	R12, 48(R1)         // set total AAD length
172	SLD	$3, R5, R12
173	MOVD	R12, 56(R1)         // set total plaintext/ciphertext length
174
175	LMG	key+8(FP), R8, R9   // R8=base R9=len
176	MVC	$16, (R8), 80(R1)   // set key
177	CMPBEQ	R9, $16, kma
178	MVC	$8, 16(R8), 96(R1)
179	CMPBEQ	R9, $24, kma
180	MVC	$8, 24(R8), 104(R1)
181
182kma:
183	WORD	$0xb9296024 // kma %r6,%r2,%r4
184	BVS	kma
185
186	MOVD	tag+104(FP), R2
187	MVC	$16, 16(R1), 0(R2) // copy tag to output
188	MOVD	cnt+112(FP), R8
189	MVC	$4, 12(R1), 12(R8) // update counter value
190
191	RET
192